[Logcheck-commits] r1400 - in logcheck/trunk: debian rulefiles/linux/ignore.d.server

madduck at users.alioth.debian.org
Thu Dec 28 11:54:55 CET 2006


Author: madduck
Date: 2006-12-28 11:54:54 +0100 (Thu, 28 Dec 2006)
New Revision: 1400

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
Log:
* ignore.d.server/ssh: ignore messages about missing auth information.

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2006-12-28 10:53:11 UTC (rev 1399)
+++ logcheck/trunk/debian/changelog	2006-12-28 10:54:54 UTC (rev 1400)
@@ -24,6 +24,7 @@
   * ignore.d.server/ssh: ignoring message about corrupted input MAC.
   * ignore.d.server/ssh: ignoring message about bad packet length.
   * ignore.d.server/ssh: ignoring message about bad protocol identification.
+  * ignore.d.server/ssh: ignore messages about missing auth information.
 
   * ignore.d.server/dcc: ignore message about which DCC servers are used.
 
@@ -33,7 +34,7 @@
     (closes: #402204).
   * Do not source debconf confmodule in preinst as it's not needed.
 
- -- martin f. krafft <madduck at debian.org>  Thu, 28 Dec 2006 11:52:46 +0100
+ -- martin f. krafft <madduck at debian.org>  Thu, 28 Dec 2006 11:54:34 +0100
 
 logcheck (1.2.51) unstable; urgency=medium
 

Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/ssh
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/ssh	2006-12-28 10:53:11 UTC (rev 1399)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/ssh	2006-12-28 10:54:54 UTC (rev 1400)
@@ -17,9 +17,11 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: I(llegal|nvalid) user [-_.[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for i(llegal|nvalid) user [-._[:alnum:]]* from ([:.[:xdigit:]]+|UNKNOWN) port [[:digit:]]{1,5} ssh2?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) auth could not identify password for \[[-_.[:alnum:]]*\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: recv_rexec_state: ssh_msg_recv failed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: ssh_msg_send: write$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Corrupted MAC on input\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Bad packet length [[:digit:]]+\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad protocol version identification '[^']+' from ([:[:xdigit:].]+|UNKNOWN)+$
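Review bot: The added pam_unix rule, `auth could not identify password for \[[-_.[:alnum:]]*\]`, accepts any account name inside the brackets, so it suppresses this message for existing accounts as well as unknown ones, while the rules directly above it are limited to `I(llegal|nvalid) user` and `check pass; user unknown`. Please confirm that ignoring it for every account is intended at the ignore.d.server level and state that in the changelog entry, which currently says only "missing auth information". Separately, the second added rule, `error: ssh_msg_send: write`, is not covered by the log message or by the changelog line added in this revision; it should get its own changelog entry.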



